Microsoft has re-issued a security update after it was discovered that the patch introduced a bug of
its own.
The original patch was issued to close a loophole in Internet Explorer that could be used to hijack a
PC.

This patch was due to be updated because, in some circumstances, it caused Microsoft's browser
to crash.

Solving the problem became more acute when security researchers discovered that the crash
could also be exploited to take control of a PC.

Update alert

The problems revolve around the MS06-042 security patch for Internet Explorer that Microsoft
originally released on 8 August.

This update had Microsoft's highest "critical" rating and fixed eight vulnerabilities in the popular
browser.

Soon after releasing the update Microsoft received reports that, in some circumstances, it was
causing Internet Explorer to crash.

The software giant pledged to fix the update but its efforts became more urgent when security firm
EEye Digital Security discovered that the crash circumstances could be exploited to run malicious
code on that machine.

The re-issued patch was delayed because of incompatibilities with the distribution tools some firms
were using to install it.

Microsoft said the security problem introduced by its update would affect the relatively small number
of users running Windows 2000.

It said that group of people were most likely to be using the crash-prone version of Internet Explorer
as that was the most recent version of the browser for that operating system. The crashes were
seen on machine using Internet Explorer 6 with the Service Pack 1 update installed.